sailscastshq/authentication
skills/authentication/SKILL.md
Authentication patterns for The Boring JavaScript Stack — session-based auth with password, magic links, passkeys (WebAuthn), two-factor authentication (TOTP/email/backup codes), password reset, and OAuth. Use this skill when implementing or modifying any authentication flow in a Sails.js application.
$ install --global
skillsauthnpx skillsauth add sailscastshq/boring-stack authenticationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 12, 2026, 11:11 PM5.3s10 files scanned
SKILL.md
- name:
- authentication
- description:
- >
- author:
- sailscastshq
- version:
- 1.0.0
- tags:
- authentication, auth, login, signup, password, magic-link, passkey, webauthn, 2fa, totp, oauth, boring-stack
Authentication
The Boring JavaScript Stack uses session-based authentication with multiple sign-in methods. The Ascent templates provide production-ready implementations of password auth, magic links, passkeys, two-factor authentication, password reset, and OAuth — all built on Sails.js actions, helpers, and policies.
When to Use
Use this skill when:
- Implementing signup and login flows (password or magic link)
- Adding passkey (WebAuthn) support with
@simplewebauthn - Setting up two-factor authentication (TOTP, email codes, backup codes)
- Building password reset flows with secure token handling
- Integrating OAuth providers (Google, GitHub) via
sails-hook-wish - Configuring authentication policies (
is-authenticated,is-guest,has-partially-logged-in) - Understanding the
req.me/req.session.userIdpattern and return URL handling - Working with the User model's auth-related attributes and lifecycle callbacks
Rules
Read individual rule files for detailed explanations and code examples:
- rules/getting-started.md - Auth architecture, User model overview, policies, req.me, return URL
- rules/password-auth.md - Signup and login flows, password hashing, remember me, validation
- rules/magic-links.md - Token generation/hashing, request/verify actions, auto-signup, security
- rules/passkeys.md - WebAuthn with @simplewebauthn, registration and authentication flows
- rules/two-factor.md - TOTP, email 2FA, backup codes, partial login state, verify-2fa action
- rules/password-reset.md - Forgot/reset flow, token lifecycle, email integration, security
- rules/oauth.md - Wish library, Google/GitHub OAuth, redirect/callback, findOrCreate pattern
Related Skills
sailscastshq/waterline
development
VerifiedTrustedCommunity
Waterline ORM query language, model definitions, associations, and data access patterns for Sails.js. Use this skill when writing, reviewing, or debugging Waterline queries, model attributes, associations, lifecycle callbacks, validations, or any database interaction in a Sails.js application.
493SKILL.mdUpdated Apr 12, 2026
sailscastshq/the-frugal-architect
development
VerifiedTrustedCommunity
Cost-aware architecture skill inspired by The Frugal Architect and adapted for The Boring JavaScript Stack. Treat cost as a first-class non-functional requirement, align system shape to the business model, make trade-offs explicit, observe cost and waste, add cost controls, optimize incrementally, and challenge stale assumptions. Use this skill when shaping infrastructure, architecture, scaling, observability, performance, background jobs, caching, or product-engineering trade-offs.
493SKILL.mdUpdated Apr 12, 2026
sailscastshq/the-algorithm
tools
VerifiedTrustedCommunity
Product-building operating system inspired by Elon Musk's five-step "The Algorithm" — question every requirement, delete nonessential work, simplify what remains, accelerate feedback loops, and automate last. Use this skill when shaping offers, features, onboarding, pricing, architecture, workflow, launch, or automation decisions. Tailored for founders, designers, operators, product engineers, and AI coding agents building real products.
493SKILL.mdUpdated Apr 12, 2026
sailscastshq/testing
development
VerifiedTrustedCommunity
Sounding-first testing patterns for The Boring JavaScript Stack — one test() API, a Sails-centered trial context, worlds under tests/, JSON and Inertia request testing, mail capture, and browser-capable trials only when the browser truly matters. Use this skill when writing, configuring, or debugging tests in a Sails.js + Inertia.js application.
493SKILL.mdUpdated Apr 12, 2026